Technical Field
The following disclosure relates to a client device configured to verify server certificate data acquired from a server device, a non-transitory storage medium storing a plurality of instructions executable by a processor of the client device, and a service performing system.
Description of the Related Art
There has been known a technique of communication using Secure Sockets Layer (SSL) between a server device for providing a service and a client device which uses the service. SSL effectively prevents communication with a device having spoofed the server device and also prevents eavesdropping and tampering of data transferred between the client device and the server device.
Specifically, before using the service provided by the server device, the client device acquires server certificate data from the server device, verifies the server certificate data by using Certification Authority (CA) certificate data issued by CA, and sends the server device a pre-master-secret value encrypted using a public key contained in the verified server certificate data. This pre-master-secret value is used to encrypt data to be transferred between the client device and the server device.
The number of CA certificate data stored in a storage device of the client device increases with increase in the number of services used by the client device. This increase may unfortunately result in a storage area of the client device being cluttered with the CA certificate data. This problem is caused in particular in the client device having a storage area of a small size.
Accordingly, an aspect of the disclosure relates to a client device capable of using a multiplicity of services without a storage area being cluttered with CA certificate data, a non-transitory storage medium storing a plurality of instructions executable by a processor of the client device, and a service performing system.
In one aspect of the disclosure, a client device includes: a communication device configured to be electrically connected with (i) a server configured to provide a service and (ii) a relay device; a storage; and a controller. The controller is configured to execute: a first reception process for receiving service use information from the relay device via the communication device; a first transmission process for using the service use information received in the first reception process, to transmit connection request information to the server via the communication device; a second reception process for receiving, via the communication device, the server certificate data which is transmitted from the server as a response to the connection request information; a determination process for determining whether certificate-authority certificate data is stored in the storage, the certificate-authority certificate data being for verification of server certificate data which is provided by the server; a first verification process for verifying the server certificate data using the certificate-authority certificate data when the controller determines in the determination process that the certificate-authority certificate data is stored in the storage; a third reception process for receiving the certificate-authority certificate data from the relay device via the communication device when the controller determines in the determination process that the certificate-authority certificate data is not stored in the storage; a second verification process for verifying the server certificate data using the certificate-authority certificate data received in the third reception process; and a storage control process for storing the certificate-authority certificate data received in the third reception process, into the storage.
In one aspect of the disclosure, a client device includes: a communication device configured to be electrically connected with a server and a relay device; a storage; a controller; and a plurality of servers each as the server. The plurality of servers are configured to respectively provide a plurality of services different from each other. The plurality of servers include a first server and a second server different from the first server. The plurality of services include: a first service provided by the first server and accepted by the relay device in advance; and a second service provided by the second server and not accepted by the relay device in advance. The storage includes a first storage area and a second storage area different from the first storage area. The controller is configured to: store, in the storage, certificate-authority certificate data for verification of server certificate data which is provided by the server; store first certificate-authority certificate data in the first storage area; and store second certificate-authority certificate data in the second storage area. The first certificate-authority certificate data is for verification of first server certificate data provided by the first server. The second certificate-authority certificate data is for verification of second server certificate data provided by the second server. The controller is configured to execute: a first reception process for receiving service use information from the relay device via the communication device; a first transmission process for using the service use information received in the first reception process, to transmit connection request information to the server via the communication device; a second reception process for receiving, via the communication device, the server certificate data which is transmitted from the server as a response to the connection request information; and a verification process for verifying the server certificate data received in the second reception process, using the certificate-authority certificate data stored in the storage. The controller is configured to: use the certificate-authority certificate data stored in the first storage area to verify the first server certificate data in the verification process, when the controller receives the service use information corresponding to the first service in the first reception process; and use the certificate-authority certificate data stored in the second storage area to verify the second server certificate data in the verification process, when the controller receives the service use information corresponding to the second service in the first reception process.
In one aspect of the disclosure, a non-transitory storage medium stores a plurality of instructions executable by a processor of a client device. The client device includes: a communication device configured to be electrically connected with (i) a server configured to provide a service and (ii) a relay device; and a storage. The plurality of instructions, when executed by the processor, cause the client device to execute: a first reception process for receiving service use information from the relay device via the communication device; a first transmission process for using the service use information received in the first reception process, to transmit connection request information to the server via the communication device; a second reception process for receiving, via the communication device, the server certificate data which is transmitted from the server as a response to the connection request information; a determination process for determining whether certificate-authority certificate data is stored in the storage, the certificate-authority certificate data being for verification of server certificate data which is provided by the server; a first verification process for verifying the server certificate data using the certificate-authority certificate data when the client device determines in the determination process that the certificate-authority certificate data is stored in the storage; a third reception process for receiving the certificate-authority certificate data from the relay device via the communication device when the client device determines in the determination process that the certificate-authority certificate data is not stored in the storage; a second verification process for verifying the server certificate data using the certificate-authority certificate data received in the third reception process; and a storage control process for storing the certificate-authority certificate data received in the third reception process, into the storage.
In one aspect of the disclosure, a service performing system includes: a server configured to provide a service; a client device configured to use the service; and a relay device. The client device includes: a communication device configured to be electrically connected with the server and the relay device; a storage; and a controller. The controller is configured to execute: a first reception process for receiving service use information from the relay device via the communication device; a first transmission process for using the service use information received in the first reception process, to transmit connection request information to the server via the communication device; a second reception process for receiving, via the communication device, the server certificate data which is transmitted from the server as a response to the connection request information; a determination process for determining whether certificate-authority certificate data is stored in the storage, the certificate-authority certificate data being for verification of server certificate data which is provided by the server; a first verification process for verifying the server certificate data using the certificate-authority certificate data when the controller determines in the determination process that the certificate-authority certificate data is stored in the storage; a third reception process for receiving the certificate-authority certificate data from the relay device via the communication device when the controller determines in the determination process that the certificate-authority certificate data is not stored in the storage; a second verification process for verifying the server certificate data using the certificate-authority certificate data received in the third reception process; and a storage control process for storing the certificate-authority certificate data received in the third reception process, into the storage.